Subject: Re: IPSEC still fails on BETA2/vax
To: Brian Chase <>
From: Olaf Seibert <>
List: current-users
Date: 07/10/2002 02:47:40
On Tue 09 Jul 2002 at 16:31:48 -0700, Brian Chase wrote:
> On Wed, 10 Jul 2002, Olaf Seibert wrote:
> > On Tue 09 Jul 2002 at 08:33:37 +0900, wrote:
> > > 	sorry, i checked your original posting.  could you check where the
> > > 	kernel code is returning EINVAL in UPDATE message handling?  it should
> > > 	be somewhere inside sys/netkey/*.c (some printfs should do it).
> >
> > I added some printf() calls in sys/netkey/key.c in the function
> > key_update(). Now I get this on my console (racoon output mixed with
> > kernel output).  I show the spi from the kernel messages and the one
> > other occurrance of it. Could it be some time-out because there is such
> > a long time (1 minute 21 seconds) between these parts?
> Just out of curiosity, Olaf, on which model of VAX are you running this?

A VAXstation 3100 (M38) which apparently has 2.8 VUPs. It is certainly
not the fastest beast in the world - it took about a week to build the
world, last time I tried.

I already increased timeouts in racoon.conf, and tomorrow I will try the
sysctl setting Itojun suggested. I was not aware of it, so I think this
will give good results. I was afraid of some hard-to-find code
generation bug but for the moment I am confident that it is just the

> -brian.
___ Olaf 'Rhialto' Seibert - rhialto@       -- Woe betide the one who feels
\X/  -- remorse without sin - Tom Poes, "Het boze oog", 4444.